<?php
#[用户管理]
$sysnav = "manager";

if($_SESSION["admin"]["typer"] != "manager" &&$_SESSION["admin"]["typer"] != "system")
{
	Error("只有系统管理员才有权限操作！",$mainlink."?file=index");
}
if($sysact == "add" || $sysact == "modify")
{
	#[获取块信息功能]
	$modlist = $DB->qgGetAll("SELECT id,groupname FROM ".$prefix."sysgroup LIMIT 0,100");
	if($sysAct == "modify")
	{
		$id = intval($id);
		chk_id($id,$mainlink."?file=adminer&act=list");#[验证是否正确]
		$rs = $DB->qgGetOne("SELECT * FROM ".$prefix."admin WHERE id='".$id."'");
		if($rs["user"] == $_SESSION["admin"]["user"])
		{
			Error("系统禁止更改自己信息",$mainlink."?file=adminer&act=list");
		}
		if($rs["typer"] != "system")
		{
			$module_list = explode(",",$rs["modulelist"]);
			foreach($module_list AS $key=>$value)
			{
				$module[$value] = true;
			}
		}
	}
}
elseif($sysact == "modifyok")
{
	$id = intval($id);
	chk_id($id,$mainlink."?file=adminer&act=list");#[验证是否正确]
	$msg = $STR->safe($_POST);
	if(count($msg["modulelist"])>0)
	{
		$modulelist = implode(",",$msg["modulelist"]);#[组合模块]
	}
	else
	{
		$modulelist = "";
	}
	
	if(strlen($msg["username"])<6) 
	{
		Error("用户名不得少于6位数.",$mainlink."?file=adminer&act=modify&id=".$id);
	}
	$rschk = $DB->qgGetOne("SELECT user FROM ".$prefix."admin WHERE id!='".$id."' AND user='".$msg["username"]."'");
	if($rschk)
	{
		Error("管理员账号已经存在",$mainlink."?file=adminer&act=list");
	}
	$rs = $DB->qgGetOne("SELECT pass FROM ".$prefix."admin WHERE id='".$id."'");

	$msg["password"] = $msg["password"] ? $msg["password"] : "123456";
	if($msg["password"]!=$rs["pass"])
	{
		if(!valid_pass($msg["password"]))
		{
			
			Error("密码复杂度不够，请重新设置！",$mainlink."?file=adminer&act=modify&id=".$id);
			
		}
	}

	//$msg["password"] = $msg["password"] ? $msg["password"] : "123456";
	$password = $rs["pass"] == $msg["password"] ? $rs["pass"] : md5($msg["password"]);

	$sql = "UPDATE ".$prefix."admin SET user='".$msg["username"]."',typer='".$msg["typer"]."',pass='".$password."',email='".$msg["email"]."',modulelist='".$modulelist."',passdate='".$system_time."' WHERE id='".$id."'";
	$DB->qgQuery($sql);
	Error("管理员信息编写成功",$mainlink."?file=adminer&act=list");
}
elseif($sysact == "addok")
{
	$msg = $STR->safe($_POST);
	if(count($msg["modulelist"])>0)
	{
		$modulelist = implode(",",$msg["modulelist"]);#[组合模块]
	}
	else
	{
		$modulelist = "";
	}
	
	if(strlen($msg["username"])<6) 
	{
		Error("用户名不得少于6位数.",$mainlink."?file=adminer&act=add");
	}
	#[检测账号是否被使用过了]
	$rschk = $DB->qgGetOne("SELECT user FROM ".$prefix."admin WHERE user='".$msg["username"]."'");
	if($rschk)
	{
		Error("管理员账号已被使用",$mainlink."?file=adminer&act=add");
	}
	if(!valid_pass($msg["password"]))
	{
		
		Error("密码复杂度不够，请重新设置！",$mainlink."?file=adminer&act=add");
		
	}
	
	$password = md5($msg["password"]);
	$sql = "INSERT INTO ".$prefix."admin(user,typer,pass,email,modulelist,passdate) VALUES('".$msg["username"]."','".$msg["typer"]."','".$password."','".$msg["email"]."','".$modulelist."','".$system_time."')";
	$DB->qgQuery($sql);
	Error("管理员账号添加成功",$mainlink."?file=adminer&act=list");
}
elseif($sysact == "delete")
{
	$id = intval($id);
	chk_id($id,$mainlink."?file=adminer&act=list");#[验证是否正确]
	if($_SESSION["admin"]["typer"] != "system")
	{
		Error("仅限系统管理员才有删除其他管理员的权限！",$mainlink."?file=adminer&act=list");
	}
	if($_SESSION["admin"]["id"] == $id)
	{
		Error("管理员不能删除自己！",$mainlink."?file=adminer&act=list");
	}
	$sql = "DELETE FROM ".$prefix."admin WHERE id='".$id."'";
	$DB->qgQuery($sql);
	Error("管理员删除成功",$mainlink."?file=adminer&act=list");
}
else
{
	$rslist = $DB->qgGetAll("SELECT * FROM ".$prefix."admin ".$condition." WHERE typer != 'system' AND typer != 'manager' ORDER BY id DESC");
	$rslist2 = $DB->qgGetAll("SELECT * FROM ".$prefix."admin ".$condition."  ORDER BY id DESC");
}
Foot("adminer.qg");
?>